• TFTP Server: IP address of the TFTP server from which to fetch the CTL file. The CTL file, which is required to verify the server certificate, gets sent while mutually authenticating the TLS connection.
• Check box to Fetch Certificate: This setting is not stored anywhere. It is used only to update the client certificate when it is checked, and it is cleared automatically.
• Number of Retries for Certificate Fetch: The number of retries that TSP performs to connect to the CAPF server for certificate download in case of an error. (Default: 0) (Range: 0 to 3)
• Retry Interval for Certificate Fetch: Used when retries are configured. It indicates the time (in seconds) that TSP waits between retries. (Default: 0) (Range: 0 to 15)

Because the user is not expected to update the client certificate every time it changes, the TSP UI pops up a message when the user checks this box: “This will trigger a certificate update. Please make sure that you really want to update the TSP certificate now.” This will ensure that if user selects this check box in an error.

TSP will fail to establish a secure connection to CTIManager if a valid certificate cannot be obtained.

Each secure connection to CTIManager needs a unique certificate for authentication. If an application tries to create more than one provider simultaneously with the same certificate, or when a session with the same certificate already exists or is open, CTIManager disconnects both providers. TSP then tries to reconnect to CTIManager to bring the provider in service. However, if both providers continuously try to connect by using the same duplicated certificate, both providers are closed after a certain number of retries, and CTIManager marks the certificate as compromised on the Unified CM server. The number of retries after which the certificate is marked as compromised is configurable through the CTIManager service parameter CTI InstanceId Retry Count.
CTIManager rejects any further attempt to open a provider with a certificate that is compromised. In this case, the CAPF profile of the compromised certificate should be deleted and a new CAPF profile must be created for the user. The new CAPF profile for the user should use a new instance ID. Otherwise, the old certificate, which was compromised previously, can be used again.

A new error code, TSPERR_INIT_CERTIFICATE_COMPROMISED, now exists with the value 0x00000011; TSPERR_UNKNOWN is 0x00000010. Applications should not have checks like “if (err < TSPERR_UNKNOWN)” because error codes exist that have a value greater than that.

When TLS is used, the initial handshake is slow, as expected, because of the heavy use of public key cryptography. After the initial handshake is complete and the session is established, the overhead is significantly reduced. The following profiling results apply to ProviderOpen for both secure and non-secure CTI connections.

| Controlled Devices | Type of CTI Connection | Duration on ProviderOpen | Duration on OpenAllLines | Comments |
|---|---|---|---|---|
| 0 | Non-Secure | 1 sec 382 ms | N/A | |
| 0 | Secure | 4 sec 987 ms | N/A | With certificate retrieval. |
| 0 | Secure | 3 sec 736 ms | N/A | |
| 100 | Non-Secure | 1 sec 672 ms | 3 sec 164 ms | |
| 100 | Secure | 5 sec 758 ms | 3 sec 445 ms | |
| 2500 | Non-Secure | 29 sec 513 ms | 3 min 26 sec 728 ms | |
| 2500 | Secure | 34 sec 219 ms | 3 min 26 sec 928 ms | |

Cisco Unified TAPI Developers Guide for Cisco Unified Communications Manager, Release 15 and SUs. Features Supported by TSP: Secure TLS
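The error-code guidance above, as an added example that is not code from the Cisco guide: an application-side open loop that compares codes by equality and stops retrying as soon as the certificate is reported compromised. Only the two TSPERR values come from the text; INIT_OK, the open_fn callback, the retry budget and the scripted sample results are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* The two TSPERR values are from the guide text; every other name is hypothetical. */
#define TSPERR_UNKNOWN                      0x00000010u
#define TSPERR_INIT_CERTIFICATE_COMPROMISED 0x00000011u
#define INIT_OK                             0u  /* assumed success value */
typedef enum { OPEN_OK, OPEN_RETRIES_EXHAUSTED, OPEN_CERT_COMPROMISED } open_result;
typedef uint32_t (*open_fn)(void *ctx);  /* stand-in for the call that reports the code */
/* The check the guide warns against: 0x11 is not below 0x10, so it misses the new code. */
static int legacy_range_check(uint32_t err) { return err < TSPERR_UNKNOWN; }
/* Compare codes by equality. A compromised certificate ends the loop at once: retrying
   cannot succeed until a new CAPF profile with a new instance ID has been created. */
static open_result open_with_retry(open_fn try_open, void *ctx,
                                   unsigned max_retries, unsigned *attempts)
{
    *attempts = 0;
    for (;;) {
        uint32_t err = try_open(ctx);
        ++*attempts;
        if (err == INIT_OK) return OPEN_OK;
        if (err == TSPERR_INIT_CERTIFICATE_COMPROMISED) return OPEN_CERT_COMPROMISED;
        if (*attempts > max_retries) return OPEN_RETRIES_EXHAUSTED;
    }
}

/* Constructed sample input: a scripted sequence of results, then TSPERR_UNKNOWN forever. */
struct script { const uint32_t *codes; size_t len, pos; };
static uint32_t scripted_open(void *ctx)
{
    struct script *s = ctx;
    return s->pos < s->len ? s->codes[s->pos++] : TSPERR_UNKNOWN;
}
static open_result run_script(const uint32_t *codes, size_t len, unsigned max, unsigned *attempts)
{
    struct script s = { codes, len, 0 };
    return open_with_retry(scripted_open, &s, max, attempts);
}

int main(void)
{
    const uint32_t codes[] = { TSPERR_UNKNOWN, TSPERR_INIT_CERTIFICATE_COMPROMISED, INIT_OK };
    unsigned n = 0;
    open_result r = run_script(codes, 3, 3, &n);
    printf("result=%d attempts=%u legacy=%d\n", (int)r, n, legacy_range_check(codes[1]));
    return 0;
}
```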